Now that we’re further into the pandemic, organizations have had some time to find (and fix) security gaps in their remote working arrangements. But along with smartphones and laptops, they should also consider digital thermostats and smart refrigerators in employees’ homes that could infect their corporate network.
It sounds like something out of a sci-fi movie, but IoT cyber attacks are on the rise — and the pandemic has made it easier for cyber criminals to infiltrate corporate networks.
“IT departments are besieged with countless devices swarming networks and endpoints as the footprint of their corporation expands beyond the traditional perimeter,” according to SonicWall’s mid-year cyber threat report. “Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization.”
When COVID-19 uprooted the world as we know it, cyber criminals saw it as an opportunity, homing in on unsecured IoT and mobile devices to launch new attacks.
In February and March, mobile infection rates jumped almost 30 per cent largely due to pandemic-related incidents, according to Nokia’s Threat Intelligence Report 2020. This impact was later felt in fixed broadband networks (at a 2.16% monthly infection rate per residence, spiking in May and June).
Info-stealers, spyware and Trojans
While ransomware makes the headlines, info-stealers and mobile spyware are escalating, and Trojans are “the malware of choice,” according to the report, jumping from 34 per cent last year to 74 per cent to date in 2020. That’s in part because the “exceptional circumstances of this year have made phishing campaigns the best way to deliver malware directly to users.”
Attackers can also spread malware through IoT devices in WFH environments, ranging from digital cameras and smart appliances to doorbells, thermostats and gaming consoles, not to mention devices used in healthcare, industrial and other workplace settings. (Remember in 2018 when a Las Vegas hotel was hacked through a smart thermometer in a fish tank?)
The evolving dark_nexus (Dark Nexus) botnet, for example, specifically targets IoT, using known credentials to install itself on compromised devices — anything from video recorders to thermal cameras — and launch distributed denial-of-service (DDoS) attacks.
Dark Nexus also preys on devices in industrial settings, such as utilities routers, smart meters and industrial controllers. “If successful, an attack on these devices could compromise entire infrastructures — of states or even countries,” says Yoni Kahana in an article for IoT for All.
“For example, Dark Nexus could compromise a state’s electric grid, seize control of the smart meters, and manipulate the meters to run too slowly or too quickly,” he says. “What seems like a simple action can, indeed, have catastrophic results … and, ultimately, incite chaos.”
IoT infection rates spike during COVID
Since the start of the pandemic, IoT infection rates have skyrocketed. According to the Nokia report, IoT devices are now responsible for 32.72% of all infections observed in mobile networks, up from 16.17% in 2019. “This trend lines up with the growing number of IoT devices that are now connected to mobile networks,” states the report.
While IoT already presents a security risk — indeed, IDC predicts that by 2025 there will be 41.6 billion IoT devices, generating 79 zettabytes of data — 5G will amplify that risk. After all, this speedy next-gen network will make all sorts of new applications possible at the edge of the network. And with those new possibilities come new risks.
With 5G, most network functions run in the cloud. But as the Nokia report points out, “these cloud environments are not restricted to central clouds but will comprise a number of highly distributed cloud deployments in order to facilitate mobile edge computing close to mobile devices.”
Protecting against IoT risks
So what can you do to protect your organization against these risks, particularly if you have a remote WFH workforce for the foreseeable future? According to IoT Analytics, which provides market insights on the Internet of Things, security best practices include:
- Revisiting how you manage your asset inventory
- Scanning for shadow IoT devices
- Reviewing which security applications should run in the cloud
- Analyzing which security efforts can be automated through AI detection tools
The Nokia report points out that “in networks where carrier grade NAT is used, the infection rate is considerably reduced, because the vulnerable devices are not visible to network scanning.”
That will help. But Kahana also recommends assuming that every IoT device has vulnerabilities that could be targeted by attackers. That means being aware of all IoT assets in your network and their potential risks. For example, what would happen if Dark Nexus were to get a foothold in your organization?
“While it is obvious that cybersecurity solutions need to be able to prevent cyberattacks, companies need to remember that their cybersecurity solutions should also have the capability to detect attempted attacks,” says Kahana.